Problem with executing javascript through reflected XSS

So from some tutorials I came up with two bots that can execute JavaScript on a page. But the one using pyppeteer won't execute JS from either reflected or stored XSS, while the requests-html bot only executes JavaScript from stored XSS.

Requests-html bot:-

from requests_html import HTMLSession
session = HTMLSession()
resp = session.get('http://127.0.0.1/search.php?x=<script>fetch("http://127.0.0.1:8888")</script>')
# Run JavaScript code on webpage
resp.html.render()

Pyppeteer bot:-

from pyppeteer import launch
import asyncio

async def main():
    browser = await launch(options={'args': ['--no-sandbox','--disable-web-security']}, headless=True)
    url = 'http://127.0.0.1/search.php?x=<script>fetch("http://127.0.0.1:8888")</script>'
    page = await browser.newPage()

    response = await page.goto(url, options={
        'timeout': 3000,
        'waitUntil': 'load'})
    print('response status: {}'.format(response.status))
    await browser.close()

loop = asyncio.get_event_loop()
loop.run_until_complete(main())

The point is that both bots perfectly execute JS present in the page from the beginning; the problem is with JS through XSS. My browser perfectly executes JS from both reflected and stored XSS.

So if anyone could help me figure this out, it would be great. Thanks in advance.

Note: I already tried args like --disable-web-security in the pyppeteer bot but unfortunately no result.

almost 3 years ago · Juan Pablo Isaza